.svg)
The US Consumer Financial Protection Bureau (CFPB) has outlined proposals that enable consumers to share financial data with third parties. Although not explicitly an open banking rule, it will help the US move one step closer to it.
Last week (October 27), the CFPB issued a document setting out proposals and alternatives that it is considering as part of its data rights rulemaking under Section 1033 of the Dodd-Frank Act.
Commenting on the proposal, CFPB director Rohit Chopra said that the Section 1033 rule “is not explicitly an open banking or open finance rule” but it will help the US to move closer to it.
The document describes who is a data provider and a third party, what type of information could be shared and what the obligations of third parties are.
According to the CFPB, its Section 1033 rule will facilitate a range of services that gives consumers more bargaining leverage against their bank and enables third parties to provide products and services that are better tailored to the consumer.
For instance, individuals who want to switch providers can transfer their account history to a new company and will be able to switch recurring payments, such as direct deposits and scheduled payments linked by ACH or debit card.
In addition, the rule will enable nascent firms to customise, improve and develop products and services.
Market participants, however, noted that Section 1033 defines only the terms of data access.
In a comment letter written to the agency last year, The Clearing House pointed out that although data shared under Section 1033 may assist third-party providers to initiate a payment, payment authorisation/initiation itself is beyond the scope of Section 1033.
In the EU and UK, regulations differentiate between account information service providers (AISPs) and payment initiation service providers (PISPs) and set rules for both. Whereas the former has “read-only” access to consumer data, PISPs can “read-write”, meaning that they can initiate authorised transactions on behalf of the consumer.
The CFPB declined to comment on whether it has plans to regulate payment initiation, although some market players have raised the benefits of such a move.
Last year, Wise, which provides payment initiation services in the UK and has operations in the US, said it encourages the bureau to “craft a roadmap on the future of open finance that considers allowing for payments initiation". The fintech emphasised that payment initiation "is central to open banking efforts abroad”.
Brigit Carroll, Wise’s policy and campaigns manager for North America, has now told VIXIO it is “thrilled to see [the rulemaking] happening as consumers will benefit from the increased competition and innovation”.
She added that Wise supports the introduction of payment initiation services to the CFPB’s personal financial data rights rulemaking.
“Payment initiation services introduce a wealth of innovation and more competition in the market when it comes to payment methods. For Wise, it would allow us to make money transfers easier, more convenient and cheaper for our customers,” she explained.
From screen scraping to APIs
Another key part of the rulemaking is to ensure that the data is shared in a secure way.
The CFPB's proposal would require financial institutions offering deposit accounts, credit cards, digital wallets, prepaid cards and other transaction accounts to set up secure methods, such as APIs, for data sharing.
“One reason that the current ecosystem is unstable is that many companies currently access consumer data through activities like screen scraping,” Chopra said.
As such methods are not secure, they are likely not sustainable and may become blocked in future as data security standards evolve, the CFPB director added.
"[C]onsumers who want to link their accounts with an app that helps them budget, make payments, or find a route to affordable credit would be able to do so without having to provide login credentials to third parties that are used in screen scraping," Chopra explained.
APIs have been a crucial part of the EU and UK open banking regime due to their role in helping to establish a secure connection between retailers, fintechs and banks.
Americans’ right to financial data sharing is provided by the post-financial crisis Dodd–Frank Act 2010, but “would only have teeth” after the CFPB defines the specifics through rules, the CFPB director stressed.
The US agency confirmed that it is now in the process of writing the regulations.
